Story Highlights

RSA’s top two executives kicked off RSA® Conference Europe 2012 with a joint keynote addressing the outdated models, practices and technologies holding back security organizations from effectively protecting against evolving risks and advanced threats.

RSA Executive Chairman Art Coviello advocated for a rebalancing of risk priorities and security spending to increase the emphasis on more proactive, intelligence-driven security strategies.

RSA President Tom Heiser shared his first-hand experiences working with numerous security leaders and practitioners at organizations worldwide, including examples of those finding success in proactively managing business risk, protecting against advanced threats and meeting compliance mandates.

In a joint opening keynote at RSA Conference London 2012, the top two executives at RSA®, The Security Division of EMC (NYSE: EMC), shared ideas and experiences about the critical issues affecting security organizations throughout the world – that outdated strategies, approaches and technologies are holding back security organizations from effectively protecting against rapidly evolving risks and advanced threats.

While addressing the crowd, Art Coviello, Executive Vice President for EMC and Executive Chairman of RSA, cited unbalanced security budget allocations, a shortage of skilled talent and the “perception versus reality gap” as key challenges hampering the effectiveness of security organizations.

Coviello offered an intelligence-driven security model based on a thorough understanding and reprioritization of business risk. The resulting risk mitigation strategies, when implemented, produce threat-resistant organizations that also meet compliance mandates. This model requires agile controls based on pattern recognition and predictive analysis, and the use of big data analytics to give context to vast streams of data from numerous sources.

RSA President Tom Heiser echoed Coviello’s call for an intelligence-driven security model and drew from his many discussions in 2012 with security practitioners, leading government experts, law enforcement and others in the industry to offer insights and best practices. Heiser pointed out several noteworthy examples of progress being made by organizations on the leading edge of employing a risk-based, intelligence-driven security strategy:

Some organizations are evolving the traditional Security Operations Center into an advanced Security Analytics Center, delivering the situational awareness and threat analytics required for active defense.

Organizations are putting increased focus on authentication and access management controls as they enable more access to networks and digital resources, especially in light of mobile, cloud and the Bring Your Own Device “user revolution.”

Organizations are shifting the relationship between compliance and security to ensure that a strong security posture, with appropriate reporting, can lead to a strong compliance posture.

Discussions about cyber risk and security are happening more at the board level as senior executives turn to their security teams to help them better understand the risks to their business.

Heiser concluded by explaining that the progress in security may seem to be met with new challenges, but in aggregate he sees evidence that mindsets are changing. There is a clearer view of the new risks facing the industry, and there is an increase and new urgency in information sharing. Finally, perimeter-centric approaches to security are being replaced by a more mature model that, if done right, can offer organizations confidence in their ability to defend today’s open, hyper-connected and distributed digital infrastructures.

Executive Quotes from the Keynote:

“The implication of these forces is that security models are not moving fast enough to make the transition from perimeter-based to intelligence-based security while adversaries become more sophisticated. Confusion about what to do abounds because of this ‘perception versus reality’ gap as well as an increasing spread between sophisticated and naïve organizations, largely based on the aptitude of personnel.”

“In an age of openness where successful breaches are to be expected, if not inevitable, the balance of security spending must shift. Without rebalancing this spend it will become increasingly difficult, if it isn’t already, for organizations to have the ability to timely detect a breach and have the capability to respond fast enough to avoid loss.”

Tom Heiser, President, RSA

“One thing that’s evident in my discussions with customers is that many of them do recognize the need to change their mindset and how they approach security. More companies every day are acknowledging that in order to survive in this new era of attacks we all have to accept the fact that bad guys are in our network. Period. It is a fact of life in our connected, consumerized digital world.”

“Fortunately I am seeing more companies move past the knee-jerk reaction that says any form of breach is a catastrophic failure. Customers, more executives and more boards of directors are starting to understand that accepting the fact that intrusions will occur is not the same as accepting that losses of sensitive information, malicious vandalism or other harm have to occur. They are adopting new tools and new tactics to balance broad, easy access to information with agile, effective security.”

Additional RSA News at RSA Conference Europe 2012:

RSA announced new research it sponsors from the Security for Business Innovation Council (SBIC) titled “Realizing the Mobile Enterprise: Balancing the Risks and Rewards of Consumer Devices.” This latest report, written for leaders responsible for overseeing IT and risk, addresses the continued surge of consumer mobile devices in the enterprise and shares strategic insights from 19 security leaders who offer five recommendations for how to manage the fast-changing mobility risks in the enterprise while maximizing business opportunities.

RSA also announced an innovative new technology solution, RSA® Distributed Credential Protection, that is engineered to make it radically more difficult for cyber thieves to steal sensitive data. Designed to work alongside existing password protections, RSA Distributed Credential Protection is built to dramatically reduce the likelihood of the kinds of successful “smash-and-grab” attacks on password servers that compromise customer, retail and financial portals every year, leaving millions of passwords and credentials at risk.

About RSA

RSA, The Security Division of EMC, is the premier provider of security, risk, and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, and Fraud Protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.EMC.com/RSA.